netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* bug report: iwlwifi: mvm: support mac80211 TXQs model
@ 2019-02-20 14:40 Colin Ian King
  2019-02-20 21:12 ` Johannes Berg
  0 siblings, 1 reply; 2+ messages in thread
From: Colin Ian King @ 2019-02-20 14:40 UTC (permalink / raw)
  To: Sara Sharon, Johannes Berg, Emmanuel Grumbach, Luca Coelho,
	Intel Linux Wireless, Sara Sharon, linux-wireless, netdev
  Cc: Kalle Valo, David S. Miller, linux-kernel

Hi,

Static analysis by CoverityScan has detected an uninitialized variable
error in drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c

Variable used_hw_queues in iwl_mvm_mac_ctxt_init() is no longer being
assigned an initial value, causing garbage to be found when calling
find_first_zero_bit() on used_hw_queues.

CoverityScan reports this as follows:

363        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
   CID 1477001 (#1 of 1): Uninitialized scalar variable (UNINIT)
uninit_use_in_call: Using uninitialized value used_hw_queues when
calling find_first_zero_bit.

364                u8 queue = find_first_zero_bit(&used_hw_queues,
queue_limit);
365

This issue was caused by the following commit:

cfbc6c4c5b91c7725ef14465b98ac347d31f2334 ("iwlwifi: mvm: support
mac80211 TXQs model")

..when the used_hw_queues initialization was removed:

@@ -360,8 +300,6 @@ int iwl_mvm_mac_ctxt_init(struct iwl_mvm *mvm,
struct ieee80211_vif *vif)
                mvm->hw, IEEE80211_IFACE_ITER_RESUME_ALL,
                iwl_mvm_mac_iface_iterator, &data);

-       used_hw_queues = iwl_mvm_get_used_hw_queues(mvm, vif);
-
        /*
         * In the case we're getting here during resume, it's similar to
         * firmware restart, and with RESUME_ALL the iterator will find


I'm not 100% sure if the right thing to do is just to now initialize
used_hw_queues to zero; it's not entirely clear what the initial value
should be now.

Colin

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: bug report: iwlwifi: mvm: support mac80211 TXQs model
  2019-02-20 14:40 bug report: iwlwifi: mvm: support mac80211 TXQs model Colin Ian King
@ 2019-02-20 21:12 ` Johannes Berg
  0 siblings, 0 replies; 2+ messages in thread
From: Johannes Berg @ 2019-02-20 21:12 UTC (permalink / raw)
  To: Colin Ian King, Sara Sharon, Emmanuel Grumbach, Luca Coelho,
	Intel Linux Wireless, linux-wireless, netdev
  Cc: Kalle Valo, David S. Miller, linux-kernel

On Wed, 2019-02-20 at 14:40 +0000, Colin Ian King wrote:
> 
> ..when the used_hw_queues initialization was removed:
> 
> @@ -360,8 +300,6 @@ int iwl_mvm_mac_ctxt_init(struct iwl_mvm *mvm,
> struct ieee80211_vif *vif)
>                 mvm->hw, IEEE80211_IFACE_ITER_RESUME_ALL,
>                 iwl_mvm_mac_iface_iterator, &data);
> 
> -       used_hw_queues = iwl_mvm_get_used_hw_queues(mvm, vif);
> -
>         /*
>          * In the case we're getting here during resume, it's similar to
>          * firmware restart, and with RESUME_ALL the iterator will find
> 
> 
> I'm not 100% sure if the right thing to do is just to now initialize
> used_hw_queues to zero; it's not entirely clear what the initial value
> should be now.

My gut feeling says that we should just remove all of the code - we no
longer use the vif->hw_queue stuff. Which also explains why we didn't
notice any problems from this :)

Something like

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
index aa308f7e7989..f90383943c62 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
@@ -263,8 +263,7 @@ int iwl_mvm_mac_ctxt_init(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
 		.found_vif = false,
 	};
 	u32 ac;
-	int ret, i, queue_limit;
-	unsigned long used_hw_queues;
+	int ret, i;
 
 	lockdep_assert_held(&mvm->mutex);
 
@@ -341,38 +340,9 @@ int iwl_mvm_mac_ctxt_init(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
 	INIT_LIST_HEAD(&mvmvif->time_event_data.list);
 	mvmvif->time_event_data.id = TE_MAX;
 
-	/* No need to allocate data queues to P2P Device MAC and NAN.*/
 	if (vif->type == NL80211_IFTYPE_P2P_DEVICE ||
-	    vif->type == NL80211_IFTYPE_NAN) {
-		for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
-			vif->hw_queue[ac] = IEEE80211_INVAL_HW_QUEUE;
-
+	    vif->type == NL80211_IFTYPE_NAN)
 		return 0;
-	}
-
-	/*
-	 * queues in mac80211 almost entirely independent of
-	 * the ones here - no real limit
-	 */
-	queue_limit = IEEE80211_MAX_QUEUES;
-
-	/*
-	 * Find available queues, and allocate them to the ACs. When in
-	 * DQA-mode they aren't really used, and this is done only so the
-	 * mac80211 ieee80211_check_queues() function won't fail
-	 */
-	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
-		u8 queue = find_first_zero_bit(&used_hw_queues, queue_limit);
-
-		if (queue >= queue_limit) {
-			IWL_ERR(mvm, "Failed to allocate queue\n");
-			ret = -EIO;
-			goto exit_fail;
-		}
-
-		__set_bit(queue, &used_hw_queues);
-		vif->hw_queue[ac] = queue;
-	}
 
 	/* Allocate the CAB queue for softAP and GO interfaces */
 	if (vif->type == NL80211_IFTYPE_AP ||


I'll think about it a bit more and test it out, thanks for the report!

johannes


^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-02-20 21:13 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-20 14:40 bug report: iwlwifi: mvm: support mac80211 TXQs model Colin Ian King
2019-02-20 21:12 ` Johannes Berg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).